Hello guys,
I need to synchronize my LDAP users with the SAS metadata. I was trying to adapt the code provided by SAS (importad.sas), but due to the lack of knowledge in LDAP functions and SAS programming, I am not able to move forward. I wonder if anyone here has already done this, and if so, if you could share the solution with me.
Details:
- LDAP Oracle 11.1.1.7
- SAS 9.4 M4
Thank you for your attention.
Usage Note 40628 (Automating the addition of users and groups to a SAS® Metadata Repository) would be a good starting point.
It references the documentation SAS® 9.4 Intelligence Platform: Security Administration Guide and sample code.
Hope that helps.
Cheers,
Damo
I'm not expert but I think LDAP is the protocol used for Active Directory, so instructions should work for you.
Cheers,
Damo
1) Any update/resolution on this issue. From my past experience,
2) In the past, I found myself deleting SAS users manually in metadata who are no longer on the payroll. Would this fix automate this process?
3) What kind of backups do I need to do before trying this?
PS: Can we move this thread to SAS Administrators group from the programming group for more visibility ?
Thanks,
@saspert wrote:
PS: Can we move this thread to SAS Administrators group from the programming group for more visibility ?
Done.
For #2: if you get importad.sas to import users, it will also remove users that no longer exist in LDAP.
1. The importad.sas program has defaults specific to Active Directory, but as has been mentioned the program uses LDAP to pull from Active Directory so can be modified to pull from another LDAP provider. The differences would be in mapping attributes between LDAP and Metadata. This is defined in the ldapextrpersons and ldapextrgroups macros defined in importad.sas. At the beginning of each is an attrs section that specifies the names of the attributes to pull from LDAP, then there are a series of if statements that say if attrName = one of the LDAP attributes then set the value of metadata attribute to the value. Modifying those two sections allow you to go from Active Directory to another LDAP provider.
2. Once you have importad.sas successfully pulling the information you want from LDAP, you can use Sample Code for User Synchronization to use importad.sas to pull the information from LDAP and compare that with what is in Metadata, removing from Metadata those not present in the LDAP table. This is not a function of importad.sas by itself.
3. I would take a Metadata backup prior to running this in case it removes users that should remain, or adds users you don't want.
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.